| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Aug 2006 00:51:51 +0200
From: "Carsten Eilers" <ceilers-lists@....de>
To: <crackers_child@...ersavascilar.com>, <bugtraq@...urityfocus.com>
Subject: Re: Joomla Rssxt <= 1.0 Remote File Include Vulnerability
Hi,
crackers_child@...ersavascilar.com schrieb am Fri, 18 Aug 2006 09:46:12 +0000:
>Title : Joomla Rssxt <= 1.0 Remote File Include Vulnerability
First: There ist no pinger.php or RPC.php in V 1.0.
But they are in 2.0 Beta 1.
So maybe you reportet the wrong version.
>-------------------------------------------
>
>Bug
>
>
>in pinger.php
>
>
>require("../../configuration.php");
>
>require("../../classes/mambo.php");
>
>require("../../includes/sef.php");
>
>require("$mosConfig_absolute_path/administrator/components/com_rssxt/
>class.rssxt.php");
$mosConfig_absolute_path is set in configuration.php.
If it is not manipulated in classes/mambo.php or
includes/sef.php there ist no way to change it.
Surely not in pinger.php.
>in RPC.php
>
>
>require("../../configuration.php");
>
> ...
Same as above.
>rssxt.php
>
>
>include($mosConfig_absolute_path."/components/com_rssxt/includes/
>feedcreator.class.php");
>
>require_once( $mosConfig_absolute_path."/administrator/components/
>com_rssxt/class.rssxt.php");
rssxt.php checks for direct calls, if you call it
direct you got a 'die', but no code-execution oder
file inclusion.
No file inclusion at all.
Regards
Carsten
--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
Powered by blists - more mailing lists